What is an insider threat? Any person who has authorized access to US government resources to include personnel, facilities, information, equipment, networks, or systems AND uses his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat includes potential espionage, violent acts against the Government or the Nation including terrorism, unauthorized disclosure of national security information, or the loss or degradation of departmental resources or capabilities.
Insider Threat Brochure
How can you identify an insider threat? There is no foolproof formula for identifying or predicting an insider threat; however, most maligned insiders exhibit risky behavior prior to committing adverse actions in the workplace. Currently, there are ~130 Potential Risk Indicators (PRI) associated with insider threat. Not all of these PRIs will be evident in every insider threat and not everyone who exhibits these behaviors is doing something wrong. PRIs are clues that require critical thinking and analytic reasoning to determine their relatedness to the insider threat problem set. A list of insider threat potential risk indicators can be found here.
1. If there are signs that an insider threat incident is imminent, a crime has already occurred, or if you have dire concerns for your safety or the safety of others, contact law enforcement immediately.
2. For non-imminent threats notify your Chain of Command, Command Security Manager, or designated Insider Threat Liaison.
3. Personnel working in an independent duty status can obtain assistance through the nearest available Security Manager, Contracting Officer Representative, or Facility Security Officer.
4. In situations where none of the options listed above are available or you don’t feel comfortable with utilizing them, assistance may be obtained directly from the MCCInTP by sending an email to: firstname.lastname@example.org
1. Executive Order 13587- The heads of agencies that operate or access classified computer networks shall have the responsibility for appropriately sharing and safeguarding classified information on computer networks. As part of this responsibility, they shall implement an insider threat detection and prevention program consistent with guidance and standards developed by the Insider Threat Task Force.
View EO 13587
2. National Defense Authorization Act for Fiscal year 2017- “In order to enable detection and mitigation of potential insider threats the Secretary shall ensure that insider threat programs of the Department collect, store, and retain information from the following: Personnel security, Physical security, Information security, Law Enforcement, Counterintelligence, User activity monitoring, Information assurance, Such other data sources as the Secretary considers necessary and appropriate.
View FY17 NDAA
3. DoDD 5205.16- The DoD Component heads shall: implement the minimum standards for Executive Branch insider threat programs in accordance with the DoD implementation plan; establish or maintain a multi-disciplinary threat management capability to conduct and integrate the monitoring, analysis, reporting, and response to insider threats.
View DoDD 5205.16
Countering Insider Threat is a complex problem; therefore, the more you know the better equipped you will be to contribute to this effort. All Marine Corps personnel (active and reserve Marines, DoD Civilian Employees, and Contractors) are strongly encouraged to take advantage of the education opportunities supporting Counter Insider Threat offered at:
For information pertaining to the laws, authorities, and nationally mandated Program requirements visit:
Click here to review our Workplace Violence Fact Sheet